Participants
Ian Howle
Ian Howle
Bruce Momjian
Bruce Momjian
Attachments
Show all attachments
Thread Outline
#1Ian HowleIan Howle
Jun 12, 2006
#2Bruce MomjianBruce Momjianto Ian Howle (#1)
Jun 13, 2006

BUG #2478: PQescapeStringConn

Started by Ian Howlealmost 20 years ago2 messagesbugs
Jump to latest
#1Ian Howle
Ian Howle
Ian@qwizdom.com

The following bug has been logged online:

Bug reference: 2478
Logged by: Ian Howle
Email address: Ian@qwizdom.com
PostgreSQL version: 8.1.4
Operating system: Mac OS X 10.4.6
Description: PQescapeStringConn
Details:

When inserting into a TEXT or VARCHAR() table field, single quotes are
needed around the text. When using the PQescapeStringConn(), the beginning
and ending single quotes are escaped, causing the INSERT statement to fail.
I understand that this really isn't a bug and that the text being insterted
into the database should be scanned using PQescapeStringConn() before adding
the surrounding quotes.

I have a single method that deals with inserting data into the database,
which is called from many places throughout the application. It would be
nice if PQescapeStringConn() did not escape beginning and ending quotes,
just everything in between.

Thank you.

#2Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Ian Howle (#1)
Re: BUG #2478: PQescapeStringConn

Ian Howle wrote:

The following bug has been logged online:

Bug reference: 2478
Logged by: Ian Howle
Email address: Ian@qwizdom.com
PostgreSQL version: 8.1.4
Operating system: Mac OS X 10.4.6
Description: PQescapeStringConn
Details:

When inserting into a TEXT or VARCHAR() table field, single quotes are
needed around the text. When using the PQescapeStringConn(), the beginning
and ending single quotes are escaped, causing the INSERT statement to fail.
I understand that this really isn't a bug and that the text being insterted
into the database should be scanned using PQescapeStringConn() before adding
the surrounding quotes.

I have a single method that deals with inserting data into the database,
which is called from many places throughout the application. It would be
nice if PQescapeStringConn() did not escape beginning and ending quotes,
just everything in between.

What if the string itself starts and ends with single quotes? How would
we know whether to escape them? What people usually do is to have the
single-quotes in their query, and just place the PQescapeStringConn()
inside those single quotes.

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

← Back to Topics